
Establishing a highly interactive system for observing attacker behaviour
Author: ŠTEFANIĆ JUŽNIČ, LEON; Mentor: Sedlar, Urban

PDF - Presentation file (2.08 MB)
MD5: 667421AC121E6701EA1E5CACDD5D1EBC

Abstract
We are currently in a period of great interest in cybersecurity, since attacks on connected devices are becoming ever more frequent. One way to contribute to better security is the use of honeypots. A honeypot is an electronic trap placed on a network so that it can be attacked and compromised, while it collects data about the attacks in the process. Most honeypots do not support high interactivity, which leads to quicker discovery that the device is a decoy. To make honeypots as interesting as possible for an attacker, we want to simulate a real system with an arbitrary operating system and services. Because the collected data reside at different locations, we want to set up a system for central logging and analysis of the data. A further challenge in deploying honeypots is establishing a scalable and flexible infrastructure. This problem appears both when deploying a large number of honeypots and when setting up the system for storing and analysing the data. In the master's thesis we first present honeypot technology and choose the honeypot best suited to our task. We then present the technologies used in our system for observing attackers. We describe the operation of Docker containers, the Kubernetes orchestration tool and the system for central logging of data. We go on to describe the individual phases of establishing a highly interactive, containerised honeypot system with remote access via a command shell, together with the problems that arose and their solutions. We also delve into container security and into ways of organising and storing data. Finally, we set up a working system and present its possible improvements.

Language:Slovenian
Keywords:honeypot, Cowrie, Kubernetes, Docker, Elastic Stack
Work type:Master's thesis/paper
Organization:FE - Faculty of Electrical Engineering
Year:2020
PID:20.500.12556/RUL-119301
Publication date in RUL:07.09.2020
Views:1082
Downloads:204

Secondary language

Language:English
Title:Design and implementation of a highly interactive honeypot for observing attacker activity
Abstract:
We are currently in a period of great interest in cybersecurity, as more and more attacks on connected devices are emerging. One way we can help improve security is to use honeypots. A honeypot is an electronic trap that we place on the network so that it can be attacked and compromised; in the meantime, it collects data about the attacks. Most honeypots do not support high interactivity, which makes them easy to detect. To make honeypots as interesting as possible for the attacker, we want to simulate a real system with a customizable operating system and services. Next, we want to design a central data collection system for multiple distributed honeypots. Another challenge is establishing a scalable and flexible infrastructure. This problem is present when deploying a large number of honeypots, as well as when setting up a system for storing and analyzing data. In the thesis, we first give an overview of the field of honeypots and choose the most suitable honeypot for our task. Then we present the technologies we used in our honeypot system. We describe Docker containers, Kubernetes, and a central data collection system. After that, we describe the individual phases of establishing a highly interactive, containerized and distributed honeypot system with remote secure shell access. For each step, we present the problems that appeared in the process and their solutions. We also go into detail about the security of containers and the ways of cleaning and storing data. Finally, we set up a working system and suggest possible improvements.
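The abstract describes merging logs from many distributed Cowrie honeypots into a central store and analysing them there. As an added illustration, not code from the thesis, the following Python reads Cowrie-style JSON-lines events (the eventid, session, src_ip, sensor, username, password and input field names are the ones Cowrie writes to cowrie.json; the sensor names, IP addresses, session ids and the malformed line are constructed) and shows two things the abstract only implies: a session id is unique per sensor only, so the sensor name must be part of the key once logs are merged, and only central collection reveals a source probing several honeypots.

```python
"""Correlate Cowrie honeypot JSON events from several sensors into per-session summaries."""
import json
from collections import Counter

# Constructed sample in the JSON-lines shape Cowrie writes to cowrie.json.
# Field names are Cowrie's; IPs (RFC 5737 ranges), sensor names and session ids are made up.
# One deliberately malformed line is included to show that it is skipped, not fatal.
SAMPLE_LOG = """
{"eventid": "cowrie.session.connect", "session": "1a2b3c4d", "src_ip": "198.51.100.7", "sensor": "hp-eu-1", "timestamp": "2020-09-07T10:00:00.000000Z"}
{"eventid": "cowrie.login.failed", "session": "1a2b3c4d", "src_ip": "198.51.100.7", "sensor": "hp-eu-1", "username": "root", "password": "123456", "timestamp": "2020-09-07T10:00:01.000000Z"}
{"eventid": "cowrie.login.success", "session": "1a2b3c4d", "src_ip": "198.51.100.7", "sensor": "hp-eu-1", "username": "root", "password": "admin", "timestamp": "2020-09-07T10:00:03.000000Z"}
{"eventid": "cowrie.command.input", "session": "1a2b3c4d", "src_ip": "198.51.100.7", "sensor": "hp-eu-1", "input": "uname -a", "timestamp": "2020-09-07T10:00:05.000000Z"}
{"eventid": "cowrie.command.input", "session": "1a2b3c4d", "src_ip": "198.51.100.7", "sensor": "hp-eu-1", "input": "cat /proc/cpuinfo | grep name | wc -l", "timestamp": "2020-09-07T10:00:06.000000Z"}
{"eventid": "cowrie.session.closed", "session": "1a2b3c4d", "src_ip": "198.51.100.7", "sensor": "hp-eu-1", "timestamp": "2020-09-07T10:00:09.000000Z"}
{"eventid": "cowrie.session.connect", "session": "9f8e7d6c", "src_ip": "198.51.100.7", "sensor": "hp-us-1", "timestamp": "2020-09-07T10:02:00.000000Z"}
{"eventid": "cowrie.login.failed", "session": "9f8e7d6c", "src_ip": "198.51.100.7", "sensor": "hp-us-1", "username": "root", "password": "123456", "timestamp": "2020-09-07T10:02:01.000000Z"}
{"eventid": "cowrie.login.failed", "session": "9f8e7d6c", "src_ip": "198.51.100.7", "sensor": "hp-us-1", "username": "admin", "password": "admin", "timestamp": "2020-09-07T10:02:02.000000Z"}
this line is not JSON and must be skipped
{"eventid": "cowrie.session.connect", "session": "5e5e5e5e", "src_ip": "203.0.113.42", "sensor": "hp-us-1", "timestamp": "2020-09-07T10:05:00.000000Z"}
{"eventid": "cowrie.login.failed", "session": "5e5e5e5e", "src_ip": "203.0.113.42", "sensor": "hp-us-1", "username": "pi", "password": "raspberry", "timestamp": "2020-09-07T10:05:01.000000Z"}
"""


def parse_events(text):
    """Parse JSON-lines text into event dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or corrupted line must not abort the whole batch
        if isinstance(ev, dict) and "eventid" in ev:
            events.append(ev)
    return events


def summarize_sessions(events):
    """Fold events into one record per (sensor, session).

    Cowrie session ids are only unique per sensor, so the key must include the
    sensor name once logs from many honeypots are merged centrally.
    """
    sessions = {}
    for ev in events:
        key = (ev.get("sensor"), ev.get("session"))
        rec = sessions.setdefault(key, {
            "src_ip": ev.get("src_ip"),
            "failed_logins": 0,
            "credential": None,   # (username, password) the honeypot accepted
            "commands": [],
            "closed": False,
        })
        eid = ev["eventid"]
        if eid == "cowrie.login.failed":
            rec["failed_logins"] += 1
        elif eid == "cowrie.login.success":
            rec["credential"] = (ev.get("username"), ev.get("password"))
        elif eid == "cowrie.command.input":
            rec["commands"].append(ev.get("input", ""))
        elif eid == "cowrie.session.closed":
            rec["closed"] = True
    return sessions


def top_credentials(events, n=5):
    """Most frequently tried username/password pairs across all sensors."""
    tried = Counter(
        (ev.get("username"), ev.get("password"))
        for ev in events
        if ev["eventid"] in ("cowrie.login.failed", "cowrie.login.success")
    )
    return tried.most_common(n)


def cross_sensor_sources(sessions):
    """Source IPs that touched more than one sensor: only visible with central logging."""
    sensors_by_ip = {}
    for (sensor, _session), rec in sessions.items():
        sensors_by_ip.setdefault(rec["src_ip"], set()).add(sensor)
    return sorted(ip for ip, sensors in sensors_by_ip.items() if len(sensors) > 1)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    sess = summarize_sessions(evs)
    for (sensor, sid), rec in sess.items():
        print(sensor, sid, rec["src_ip"], rec["credential"], rec["commands"])
    print("top credentials:", top_credentials(evs, 3))
    print("seen on multiple sensors:", cross_sensor_sources(sess))
```

In a real deployment the same grouping is done by the analysis backend over events shipped from each container; the point of keying on (sensor, session) and of the cross-sensor query is the same whether the store is Elasticsearch or a flat file.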

Keywords:honeypot, Cowrie, Kubernetes, Docker, Elastic Stack
